METATRON
Overview
METATRON is an AI-powered offline penetration testing assistant that combines traditional reconnaissance tools (nmap, whois, whatweb, curl, dig, nikto) with local LLMs served through Ollama. It automates the reconnaissance phase, feeds the results to a local model for vulnerability analysis, and suggests exploits, all without internet connectivity or API keys.
Built for Parrot OS and Debian-based systems, METATRON uses MariaDB for persistence and runs completely offline, making it ideal for air-gapped networks and sensitive security operations.
Release: April 2026
License: MIT
GitHub: sooryathejas/METATRON
Installation
Prerequisites
- Linux (Parrot OS/Debian-based)
- Docker or Docker Compose (recommended)
- Ollama installed locally
- At least 8GB RAM (16GB+ recommended for large scans)
- MariaDB or MySQL server
Install from Source
# Clone the repository
git clone https://github.com/sooryathejas/METATRON.git
cd METATRON
# Install Python dependencies
pip install -r requirements.txt
# Install system dependencies
sudo apt-get update
sudo apt-get install -y nmap whois whatweb nikto curl dnsutils
# Set up MariaDB
sudo mysql -u root -p < database/schema.sql
Docker Installation
# Using docker-compose
docker-compose up -d
# Verify services
docker-compose ps
Configure Ollama
# Download a local model (llama2 recommended for security analysis)
ollama pull llama2
# Or use mistral for faster analysis
ollama pull mistral
# Verify the model is available locally
ollama list
Configuration
Environment Setup
Create a .env file in the project root:
OLLAMA_HOST=http://localhost:11434
OLLAMA_MODEL=llama2
DB_HOST=localhost
DB_USER=metatron
DB_PASSWORD=secure_password_here
DB_NAME=metatron_db
SCAN_TIMEOUT=3600
THREADS=4
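A pre-flight check for this file, as an added example (not part of METATRON): it confirms that the Ollama and database endpoints stay on loopback, which the offline claim depends on, and that the database password is not a placeholder. The PLACEHOLDERS list and the function names are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample using the .env keys shown above.
SAMPLE_ENV = """\
OLLAMA_HOST=http://localhost:11434
DB_HOST=localhost
DB_PASSWORD=secure_password_here
"""
# Placeholder values that must never reach a real deployment (assumed list).
PLACEHOLDERS = {"", "secure_password", "secure_password_here", "changeme"}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip().strip("'\"")
    return env


def is_loopback(host):
    """True for 'localhost' or a literal loopback IP; no DNS lookup is made."""
    if not host:
        return False
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote


def audit_env(env):
    """Return findings for settings that break the offline, local-only setup."""
    findings = []
    ollama = env.get("OLLAMA_HOST", "")
    if not is_loopback(urlparse(ollama).hostname):
        findings.append(f"OLLAMA_HOST={ollama!r} is not loopback: scan data would leave this host")
    if not is_loopback(env.get("DB_HOST")):
        findings.append(f"DB_HOST={env.get('DB_HOST')!r} is not loopback")
    if env.get("DB_PASSWORD", "").lower() in PLACEHOLDERS:
        findings.append("DB_PASSWORD is empty or a placeholder")
    return findings


if __name__ == "__main__":
    for finding in audit_env(parse_env(SAMPLE_ENV)):
        print("FINDING:", finding)
```
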
Database Configuration
-- Initialize database
CREATE DATABASE metatron_db;
-- Use the same password as DB_PASSWORD in .env
CREATE USER 'metatron'@'localhost' IDENTIFIED BY 'secure_password_here';
GRANT ALL PRIVILEGES ON metatron_db.* TO 'metatron'@'localhost';
FLUSH PRIVILEGES;
Core Commands
| Command | Purpose | Example |
|---|---|---|
| `metatron scan` | Start full reconnaissance scan | `metatron scan 192.168.1.100 -p all` |
| `metatron nmap` | Run Nmap scan with AI analysis | `metatron nmap 10.0.0.0/24 -sV` |
| `metatron analyze` | Analyze scan results with local LLM | `metatron analyze scan_id` |
| `metatron suggest` | Get exploit suggestions | `metatron suggest scan_id --service http` |
| `metatron whois` | Perform WHOIS lookup | `metatron whois example.com` |
| `metatron dns` | DNS enumeration with AI insights | `metatron dns example.com` |
| `metatron web` | Web reconnaissance (whatweb + curl) | `metatron web https://example.com` |
| `metatron db` | List all scans in database | `metatron db list` |
| `metatron export` | Export report to JSON/PDF | `metatron export scan_id --format pdf` |
| `metatron status` | Check service status | `metatron status` |
Reconnaissance Workflow
Basic Scan
# Simple host discovery
metatron scan 192.168.1.100
# Full port scan with service detection
metatron scan 192.168.1.100 -p all -sV
# Scan entire subnet
metatron scan 192.168.1.0/24 --fast
Nmap Integration
# TCP SYN scan
metatron nmap 10.0.0.50 -sS
# UDP scan
metatron nmap 10.0.0.50 -sU -p 53,123,161
# OS detection with service versions
metatron nmap 10.0.0.50 -O -sV
# Aggressive scan
metatron nmap 10.0.0.50 -A
# Save results to database
metatron nmap 10.0.0.50 -sV --save-db
Web Reconnaissance
# Whatweb analysis
metatron web https://example.com --full
# Check SSL/TLS certificate
metatron web https://example.com --check-ssl
# Technology stack detection
metatron web https://example.com --technologies
# Save web reconnaissance
metatron web https://example.com --save-db
DNS Enumeration
# Standard DNS lookup
metatron dns example.com
# Zone transfer attempt
metatron dns example.com --transfer
# Subdomain enumeration
metatron dns example.com --subdomains
# DNSSEC validation
metatron dns example.com --dnssec
AI Analysis Features
Vulnerability Analysis
# Analyze all findings from a scan
metatron analyze scan_id --level deep
# Focus on critical vulnerabilities
metatron analyze scan_id --filter critical
# Generate CVSS scores with AI insights
metatron analyze scan_id --cvss
# Compare against known exploits
metatron analyze scan_id --exploit-db
Exploit Suggestions
# Get exploit suggestions for a scan
metatron suggest scan_id
# Filter by service type
metatron suggest scan_id --service http --service ssh
# Priority-based suggestions
metatron suggest scan_id --priority high
# Export suggested exploits
metatron suggest scan_id --export json
Custom AI Prompts
# Use custom LLM prompt for analysis
metatron analyze scan_id --custom-prompt "Find all OWASP Top 10 issues"
# Security-focused analysis
metatron analyze scan_id --mode security
# Compliance-focused analysis (HIPAA, PCI-DSS)
metatron analyze scan_id --mode compliance --standard pci-dss
Advanced Usage
Batch Scanning
# Scan multiple targets from file
metatron scan-batch targets.txt
# Parallel scanning (4 threads)
metatron scan-batch targets.txt --threads 4
# Resume interrupted batch
metatron scan-batch targets.txt --resume
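A scope check to run before handing a target list to scan-batch, as an added example (not part of METATRON): it keeps only targets that fall entirely inside the authorized ranges. The one-target-per-line layout of targets.txt, the AUTHORIZED list and check_scope are assumptions made for the illustration.

```python
import ipaddress

# Constructed rules of engagement and targets file; the one-target-per-line
# layout of targets.txt is an assumption, not documented on this page.
AUTHORIZED = ["192.168.1.0/24", "10.0.0.50/32"]
SAMPLE_TARGETS = """\
# lab hosts
192.168.1.100
192.168.1.0/25
10.0.0.0/24
10.0.0.50
example.com
"""


def check_scope(targets_text, authorized_cidrs):
    """Split targets into (in_scope, rejected) against the authorized networks.

    A CIDR target is in scope only if it is entirely contained in one authorized
    network. Hostnames are rejected: resolve and approve them by hand.
    """
    allowed = [ipaddress.ip_network(c, strict=True) for c in authorized_cidrs]
    in_scope, rejected = [], []
    for raw in targets_text.splitlines():
        target = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not target:
            continue
        try:
            net = ipaddress.ip_network(target, strict=False)
        except ValueError:
            rejected.append((target, "not an IP or CIDR; verify manually"))
            continue
        if any(net.version == a.version and net.subnet_of(a) for a in allowed):
            in_scope.append(str(net))
        else:
            rejected.append((target, "outside authorized ranges"))
    return in_scope, rejected


if __name__ == "__main__":
    ok, bad = check_scope(SAMPLE_TARGETS, AUTHORIZED)
    print("in scope:", ok)
    for target, reason in bad:
        print(f"REJECTED {target}: {reason}")
```

Note that 10.0.0.0/24 is rejected even though it contains the authorized host 10.0.0.50: a range that is only partly authorized is out of scope.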
Database Operations
# List all scans
metatron db list
# View specific scan details
metatron db show scan_id
# Delete old scans (30+ days)
metatron db cleanup --older-than 30
# Export all scans
metatron db export --format json --output report.json
# Generate audit trail
metatron db audit-log --format csv
Report Generation
# Generate PDF report
metatron export scan_id --format pdf --output report.pdf
# HTML executive summary
metatron export scan_id --format html --template executive
# JSON for integration
metatron export scan_id --format json
# CSV vulnerability list
metatron export scan_id --format csv --filter vulnerabilities
Offline Model Management
# List available models
ollama list
# Download additional models
ollama pull neural-chat
# Switch active model
metatron config set OLLAMA_MODEL mistral
# Remove unused models
ollama rm llama2
Integration with Security Tools
Metasploit Integration
# Export findings to Metasploit resource script
metatron export scan_id --format msfconsole --output exploit.rc
# Use in msfconsole
msfconsole -r exploit.rc
Burp Suite Export
# Export as Burp Suite XML
metatron export scan_id --format burp-xml
# Combine with manual testing
# Import XML into Burp Suite Scanner
Nessus/OpenVAS Comparison
# Export in OpenVAS format
metatron export scan_id --format openvas-xml
# Compare with Nessus results
metatron compare scan_id --nessus-file nessus_report.nessus
Configuration Examples
High-Performance Scanning
# metatron.yaml
scan:
  timeout: 7200
  threads: 8
  parallelism: aggressive
nmap:
  aggressive: true
  os_detection: true
  service_detection: sV
ollama:
  model: mistral
  temperature: 0.3
  max_tokens: 2048
Conservative/Stealth Mode
scan:
  timeout: 14400
  threads: 1
  parallelism: conservative
  rate_limit: slow
nmap:
  aggressive: false
  timing: polite
  fragment: true
ollama:
  model: llama2
  temperature: 0.1
Performance Tuning
Memory Optimization
# For limited-memory systems
metatron scan target --low-memory
metatron config set OLLAMA_MODEL mistral-small
# Monitor resource usage
metatron status --verbose
Network Optimization
# Reduce network bandwidth
metatron nmap target -T2 --max-rate 100
# Increase scan speed (use with care: high rates can saturate the network and miss results)
metatron nmap target -T5 --min-rate 1000
Troubleshooting
Ollama Connection Issues
# Check Ollama service
ollama list
# Restart Ollama
systemctl restart ollama
# Verify connectivity
curl http://localhost:11434/api/tags
# Set explicit host
metatron config set OLLAMA_HOST http://localhost:11434
Database Errors
# Check MariaDB status
sudo systemctl status mariadb
# Verify database connection
mysql -u metatron -p metatron_db -e "SELECT 1;"
# Repair database
sudo mysqlcheck -u root -p --repair --all-databases
Scan Timeouts
# Increase timeout for large networks
metatron scan target --timeout 7200
# Use fast mode for quick scanning
metatron scan target --fast
# Enable progressive output
metatron scan target --verbose
Best Practices
Security Operations
- Air-Gapped Networks: METATRON is ideal for isolated security assessments
- Model Updates: Regularly update local LLM models for better analysis
- Database Backup: Schedule regular MariaDB backups
- Scan Logging: All scans are automatically logged to database
- API Key Prevention: No external APIs needed—completely offline
Reconnaissance Methodology
- Start with host discovery scans
- Run service enumeration with nmap
- Perform web reconnaissance on discovered web servers
- DNS enumeration for subdomain discovery
- Feed all results to AI analysis engine
- Review and prioritize findings
- Generate compliance/audit reports
Compliance & Auditing
# Generate SOC 2 report
metatron export scan_id --template soc2 --format pdf
# HIPAA compliance check
metatron analyze scan_id --standard hipaa
# PCI-DSS assessment
metatron analyze scan_id --standard pci-dss
Resources
- GitHub Repository: https://github.com/sooryathejas/METATRON
- Ollama Models: https://ollama.ai/library
- Nmap Documentation: https://nmap.org/book/
- Parrot OS Guide: https://docs.parrotsec.org/
Community & Support
- GitHub Issues for bug reports and feature requests
- Offline documentation included in repository
- Compatible with Parrot OS security toolkit ecosystem